Javascript Weak Hash Md4
Description
Detects usage of the cryptographically broken MD4 hash function in JavaScript code. MD4 is a weak hashing algorithm that is vulnerable to collision attacks and should not be used for security purposes.
Detection Strategy
• Look for JavaScript code using MD4 hash functions or algorithms
• Check for MD4 hash computations in cryptographic operations
• Report a vulnerability when MD4 hash function usage is detected in the code
• Identify any direct references or imports of MD4 hashing libraries/modules
Vulnerable code example
const crypto = require('crypto');
function hashPassword(password) {
// Vulnerable: Using MD4 hash algorithm which is cryptographically broken
const hash = crypto.createHash('RSA-MD4');
hash.update(password);
return hash.digest('hex');
}...✅ Secure code example
const crypto = require('crypto');
function hashPassword(password) {
// Secure: Using SHA-256 with random salt and multiple iterations
const salt = crypto.randomBytes(16).toString('hex');
const hash = crypto.pbkdf2Sync(password, salt, 10000, 64, 'sha256');
return `${salt}:${hash.toString('hex')}`;
}...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.